Tuesday, March 27, 2018

The biggest and most
important unsolved problem in Information Security, arguably all of IT, is
asset inventory. Rather, the lack of an up-to-date asset inventory that
includes all websites, servers, databases, desktops, laptops, data, and so on.
Strange as it sounds, the vast majority of organizations with more than even a
handful of websites simply do not know what they are, where they are, what they
do, or who is responsible for them. This is also strange because an asset
inventory is the first step of every security standard and recommended by every
expert.

After many of
years of research, it turns out the reason why is rather simple: There are
currently no enterprise-grade products, or at least anything widely adopted, that
solves this problem. This is important because obviously it’s impossible to
secure what you don’t know you own. And, without an up-to-day asset inventory, the
most basic and reasonable security questions simply can’t be answered:

What percentage of our websites have been tested for vulnerabilities?

Which of our websites have GDPR, PCI-DSS, or other compliance concerns?

Which of our websites are up-to-date on their patches, or not?

An organization has been acquired, what IT assets do they have?

As of today, with
Bit Discovery, all of this is about to change. BitDiscovery is a website asset inventory solution designed to be lightning fast,
super simple, and incredibly comprehensive.

While identifying
the websites owned by a particular organization may sound simple at first blush,
let me tell you, it’s not. In fact, asset inventory is probably the most
challenging technical problem I’ve ever worked on in my entire career. As
Robert ‘RSnake’ Hansen’s, member of Bit Discovery’sfounding teamdescribes in glorious detail, the variety of challenges are absolutely astounding. Just in terms of
cpu, memory, disk, bandwidth, software and scalability in general, we’re
talking about a legitimate big data problem.

Then there’s the
challenges that websites may exist on different IP-ranges, domains, hosting
providers, fall under a variety of marketing brands, managed by various
subsidiaries and partners, confused by domain typo-squatters and phishing scams,
and may come and go without warning. Historically, finding all of an
organizations websites is typically conducted through on-demand scanning seeded
by a domain name or IP-address range. For anyone who has ever tried this model,
they know it’s tedious, time consuming (hours, days, etc), and false-positive
and false-negative prone. It became clear that solving the asset inventory
problem required a completely different approach.

Bit Discovery,
thanks to the acquisition and integration of OutsideIntel, is unique because we
take routine snapshots of the entire Internet, organizing massive amounts of
information (WHOIS, passive DNS, netblock info, port scans, web crawling, etc.),
extract metadata, and distil it down to simple and elegant asset inventory
tracking. As a completely web-based application, this is what gives Bit
Discovery its incredible speed and comprehensiveness. Instead of waiting days
or weeks for an asset discovery scan to complete, searches take just seconds
or less.

After years of
hard work and months private beta product testing with dozens of Fortune 500
companies, we’re finally ready to officially announce Bit Discovery and just weeks
away from our first full production release. I’m particularly proud and
personally honored to be joined by an absolutely world-class founding team. As
an entrepreneur you couldn’t ask for a better, more experienced, or inspiring
group of people. All of us have worked together for many years on a variety of
projects, and we’re ready for our next adventure! Our vision is that every
organization in the world needs an asset inventory, which includes what we like
to say, “Every. Little. Bit.”

As you can see, our
goals at Bit Discovery are extremely ambitious and we need strong financial backing
fully realize them. As part of the company launch, we’re also thrilled to
announce a $2,700,000 early stage round led by Susan
Mason (Managing Partner, Aligned Partners).

During our fund
raising process, we interviewed well over a dozen exceptional venture
capitalist firms, and we were very picky in the process. Aligned’s experience, style, and
investment approach matched with us perfectly. Their team specializes in
experienced founding teams who have been-there-and-done-that, who operate
companies in a capital efficient manner, who know their market and customers
well, and where the founders and investors interests are in alignment. That’s
us and we couldn’t be happier with the partnership.

Collectively,
between Bit Discovery’s founding team and investor group, I’ve never seen or
heard of a more experienced and accomplished team that brings everything
together for a company launch. We have everything we need for a runaway
success story. We have the right team, the right product, the right financial
partners, and we’re at the right time in the market. All we have to do is put in
the work, serve our customers well, and the rest will take care of itself.

Finally,
the Bit Discovery team wants to personally thank all the many people who helped
us along the way and behind the scenes. We sincerely appreciate everyone’s
help. We couldn’t have gotten this far without you. Look out world, we’re ready
to do this!

Friday, March 09, 2018

Two years ago, I joined SentinelOne as Chief of Security Strategy to help in the fight against malware and ransomware. I’d been following the evolution of ransomware for several years prior, and like a few others, saw that all the ingredients were in place for this area of cyber-crime to explode.We knew it was likely that a lot of people were going to get hurt, that significant damage could be inflicted, and something needed to be done. The current anti-malware solutions, even the most popular, were ill-equipped to handle the onslaught. Unfortunately, we weren’t wrong, and that was about the time I was first introduced to SentinelOne.When I met SentinelOne, it was just a tiny Silicon Valley start-up. It was quickly apparent to me that they had the right team, the right technology, and most importantly – the right vision necessary to make a meaningful difference in the world. SentinelOne is something special, a place poised for greatness, and an opportunity where I knew I could make a personal impact. The time was right for me, so I made the leap! Today, only a short while later, SentinelOne is a major player in the endpoint protection with super high aspirations.Since joining I have had a front row seat to several global ransomware outbreaks including WannaCry, nPetya, and other lesser-known malware events as the SentinelOne team "laid the hardcore smackdown" on all of them. One particularly memorable event was WannaCry launching at the exact moment I was on stage giving a keynote presentation to raise awareness about ransomware. Quite an experience, but also a proud moment as all of our customers remained completely protected. One can't hope for better than that!On SentinelOne's behalf, I have had the unique opportunity to participate in the global malware dialog, learn a ton more about the information security industry, continue helping protect hundreds of companies, and something I’m personally proud of: launch the first ever product warranty against ransomware ($1,000,000). I contributed to some cutting-edge research alongside some truly brilliant and passionate people. It’s been a tremendous experience, one which I’m truly thankful for.I wish I had all the time in the world to pursue all of my many interests, which as an entrepreneur, is one of my greatest challenges. For me, it will soon be time to announce and launch my next adventure -- a new startup! I’ll share more details in a few weeks, but it’s something my co-founders and I have been quietly working on for years.The best part is that I don’t have to say goodbye to SentinelOne. I’ll be moving into a company advisory role. This way I still get to remain connected, in-the-know and continue helping SentinelOne achieve its full potential.For now, a very special thank you to everyone at SentinelOne, especially Tomer Weingarten (Co-Founder, CEO) for leading the charge and allowing me to be a part of the journey.

About Me

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!